Thursday night and checking Facebook on my mobile before going to sleep. One of my friends is complaining about how hard it is to use Yahoo mail abroad. Problem logging in and now there’s some problem with the account. “Your E-mail account has exceeded its limit and needs to be verified, if not verified within 24 hours, we shall suspend your account. Click Here to verify your email account now.” And when you try to resolve it, it doesn’t even work. You just end up on the login page! Damn Yahoo!
Stop! This message is not about a problem with the mail system, it’s a very typical phishing mail. I responded with a warning, and yes, the link had indeed been clicked and the credentials entered on a page that looked like the Yahoo login page. That made my friend a phishing victim like so many other Internet users. It was the beginning of a long night trying to figure out how to change the mail password using a tiny mobile screen. But the case came to a happy end. The password was apparently changed before the attackers had a chance to take benefit from the account, thanks to the swift reaction.
How to spot a phishing attempt?
My friend is not a computer newbie, and did in theory know all this. But the attack succeeded anyway. How is this possible? Imagine that it is late in the night and you are tired. There are other people distracting you. You are traveling and really depending on your mail account. And on top of that, you have had problems and expect even more trouble with this operator. So this is a very typical situation where the fingers can be faster than the brains. This is really the optimal situation for an attacker to hit, and they happened to send this phishing mail at the
right wrong time. Honestly, are you sure this couldn’t happen to you?
Ok, so what should I do to avoid being phished?
As a practice, examine the link above and try to figure out where it points and what company it belongs to without clicking it.
Phishing @ Wikipedia.
Phishing is the act of attempting to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public.
#SLUSH15 is almost here, and F-Secure’s participating in this year’s event in a big way. There’s going to be a big #smartsecurity announcement about the Internet of Things, as well as a couple of presentations from F-Secure personnel. SLUSH, a well-known exposition for startups in the tech industry, has become a huge international event. Both SLUSH and F-Secure call Helsinki home, so it’s only natural for F-Secure to be an active participant at the annual conference. F-Secure made waves last year after the cybersecurity company hacked the venue’s bathrooms to get people talking about online privacy. Several of the company’s researchers and personnel also put in appearances at last year’s SLUSH, including cyber security expert Mikko Hypponen, and F-Secure’s Executive Vice President, Consumer Security, Samu Konttinen. [youtube https://www.youtube.com/watch?v=u93kdtAUn7g&w=560&h=315] [youtube https://www.youtube.com/watch?v=HB-qBhWV65s&w=560&h=315] And they’re both back this year! This year, Samu will be giving a keynote address on SLUSH’s Silver Stage. His talk is called “Your home, your rules – The internet of what ifs”, and runs from 11:45am to 12:00pm (Helsinki time) on November 11th. Samu’s enthusiasm for topics related to security and online privacy will give people valuable insights into how IoT devices are creating new security challenges, and what people can do to protect themselves. Mikko will be appearing on SLUSH’s Black Stage at 9:25am (Helsinki time) on November 12th, where he’ll deliver a talk called “The Online Arms Race”. Mikko recently did an interview about this same topic for V3.co.uk, so you can check that out if you want a quick preview about Mikko’s thoughts on this matter. You can follow all of F-Secure’s SLUSH news by following @FSecure_Sense, @FSecure_IoT, and @FSecure on Twitter.
Cyber Security Month is ending. We're sure you've already done the basics to avoid a digital catastrophe, as explained by F-Secure Security Advisor Sean Sullivan in a recent News from the Labs post on avoiding malware that can take your files hostage for ransom: Back up your stuff! Uninstall software and/or disable browser plugins that you don’t use. Keep the software that you do use up to date. But there's one last cyber security tip we want to pass on from our Janne who helps businesses avoid the kind of security errors that can cost them huge amounts of time and money. His advice: “Don’t even try to remember your passwords. That system you have so no one can possibly guess your password? The attackers know that one. Get a reputable password safe that you can sync to your phone and only ever use generated passwords.” This is the one cyber security tip you need to tell your boss -- if s/he hasn't told it to you already. You can use F-Secure KEY -- our password manager -- for free on one device. For more insight on how vulnerable your office is to online threats try our free Cyber Security Stress Test. We now return you to the other 11 months of the year when criminals hope you aren't thinking about cyber security. Cheers, Sandra
I have become pretty immune to advertising on the net. The brain develops an algorithm to locate the relevant content and filter out the junk around it. Frankly speaking, ask me about what ads there were on the page I just visited, and I have no clue. And I believe that’s true for many of us. Except that our internal ad-blockers aren’t perfect. The advertising may still affect us unconsciously. This issue has been in the headlines a lot since Apple introduced a simple way to implement ad-blocking on iPhones and iPads. Many took advantage of the opportunity and released new tools, among them the excellent F-Secure ADBLOCKER. And many media providers got upset as this development will no doubt increase the usage of ad blocking, and thus reduce advertising revenues. Some newspapers are already attempting to prevent users with ad-blockers from using their site at all. And some publishers admit that advertising has gone too far and they had it coming. So let’s take a look at the pros and cons of advertising. First the pros. Advertisers pay for your “free” stuff. It makes it possible to get a lot of excellent services and content without paying money. Instead you pay by exposing yourself to ads and letting companies profile you for targeted advertising. Some may actually find ads, especially well targeted ads, useful. They may contain special offers and campaign codes that are of true value to you. Advertising can be entertaining. And then the longer list, the cons. Advertising often disturbs your user experience. You have to locate the beef among glossy blinking ads. And you may even have to dodge pop-ups to actually see your content. Advertising may lure you to make more, often unnecessary, purchases. That’s basically the objective of advertising. Advertising often tries to trick you into opening the advertiser’s site. For example by mimicking a Next- or Download- button in the ad. Advertising may show content that is unsuitable for the viewer. Advertising can be a way to deliver malware. Ads are delivered from separate servers. A compromised ad server may show infected ads on sites with a good reputation. I.e. in places where you don’t expect to run into malware. Advertising will consume bandwidth and make pages load more slowly. This can cost you real money depending on your data plan. Advertising is the main reason to track you. Many companies attempt to profile you as accurately as possible to make targeted advertising more effective. Good targeted advertising may not be evil in itself, but misuse of the collected data is a real threat. It seems likes the cons win hands-down. But there is one argument in favor of advertisement that deserves some more attention. The publishers who take an aggressive approach against ad-blocking typically say that blocking ads is like taking a free ride. You try to benefit from free content without paying the price. And this is an argument that can’t be dismissed just like that. Remember that advertising is the engine for a significant part of the net. Imagine that 100% of the users would use 100% effective ad-blockers. What would our virtual world look like in that case? I don’t know, but it would definitively be a different world. But on the other hand, it’s easy to find sites where advertising definitively has gone overboard. So it is understandable if the advertisers receive little sympathy for their fight against ad-blocking. This is yet another question without any clear and simple answers. So let’s pass it to you, dear readers. What do you think about advertising on the web? [polldaddy poll=9139628] [caption id="attachment_8591" align="aligncenter" width="1024"] Article trying to defend advertising. The beef is there under the ad. ;)[/caption] Safe surfing, Micke Image: iPhone and www.streamingmedia.com screenshots